The leak took place
through the Danish “Robinson List” which lists people
who are immune from direct marketing, officials said Thursday.
The exposure took place back on Wednesday while the personal
details were available for almost an hour.

The Social Security numbers were being sent from CSC, a Danish IT
company that works with the Danish government, to the State
Social Security Office.

It is common practice for Denmark’s financial institutions,
hospitals and other government agencies to request the number as
a proof of identity, meaning the exposure left several people
wide open to abuse.

The list was downloaded 18 times in the time in was made
available to the public.

“We come from an analog world in which the Social Security
number was super convenient. But it does not fit into a digital
world that has a number that is so easy to crack,” said
Council President for Digital Security, Birgitte Kofod Olsen,
reported Danish business daily, Borsen.

“When you have a birthday and age, it is easy to guess the
rest.”

Economic Affairs and Interior Minister Margrethe Vestager
responded in a statement on Thursday.

“It's simply a mistake that should not happen ... I will
consider the implications of this very thoroughly,” she
said.

The EU is no stranger to massive leaks – caused by system
glitches and hacking. In May, personal data of 1.3 million
clients of the French telecommunications corporation Orange were
stolen. The hack included mobile and land
phone numbers, dates of birth and email addresses of the
company's clients.